Skip to main content
Category

Cyber Security Awareness

Slow Internet Issues Could Be Serious

By Cyber Security Awareness

You pay premium prices for business class Internet, and it winds up leaking through the Ethernet like honey off of a spoon. In 2016, you need high speed Internet in order to run a successful business, so getting it back up to speed when it starts to slow down is a top priority. Here’s a quick troubleshooting guide to help you determine whether you can apply a quick fix, or if you might need to make a phone call:

Boosting Your Wifi Signal

The issue might not be your Internet connection, but your Wifi signal. It doesn’t matter how fast your web connection is when you’re too far away from your Wifi router or it’s putting out a weak signal. Plug directly into your Internet with a wired connection. If it runs fine, you may simply need to buy a more powerful router, switch to wired connections, or rearrange your office space so that your router can reach everyone who needs it.

Someone’s Doing Some Heavy Downloading

Let your employees know that business-class internet doesn’t mean “Go ahead and do all your bit torrenting at the office from now on.” Downloading twenty eight movies at once while uploading fifteen others is going to slow you down.

Do a Security Check

Your network may be infected with a worm. More so than most viruses and malware, worms can really drag your connection down to a crawl. A network scan will be able to help you root out the intruder if this is the case.

See if Someone is Stealing Your Wifi

Places of business are an easy target for Wifi thieves. You can check your router device list to see if someone is connecting without permission. If so, you can change the password, and/or switch your security settings to WPA2-AES.

Call Your Provider

Call your provider and ask there are any issues in your area. It may simply be a temporary issue that they are already hard at work rectifying. And if that doesn’t work…

Start Shopping Around for a New Provider

Your provider might just not be up to the task of providing you with top-notch business grade Internet. If there are competing ISP’s in your area, don’t hesitate to get some quotes and compare download speeds. Brand loyalty is all well and good, but you don’t owe it to an ISP that isn’t providing.

Can Robotics Be Hacked?

By Cyber Security Awareness

If you can plug it into a wall, you can hack it. The question is not so much whether or not industrial robotics and so on can be hacked, but under what circumstances, and whether or not it’s a serious threat.

Something worth acknowledging up front is that hacking is a crime of opportunity. It’s rare that a victim of hacking or cyber-crime is specifically targeted. Certain high-profile organizations and people are, of course, at a greater risk, but not so much because they are being targeted by single, brilliant cyber-crooks. Rather, a high-profile individual or company is at risk because a lot more people are attempting to hack them. It can take one person a hundred years to guess your password, but it might take a thousand people only a weekend.

Hackers are looking for vulnerabilities anywhere they can find them. They’re not picky. If they can’t hack into a bank account, then they’ll use some bots and algorithms to try credit card numbers. If you work with robotics in your business, you’re not a target because of your robotics, you’re a target because a hacker thinks your security is weak.

If your robot is hacked, then what’s the worst that can happen?

In sci-fi movies, we see hacked robots rob banks on behalf of their new masters or, at the very least, they put cars together all wrong. The reality is far less exciting.

It’s possible for a hacker to bring production to a halt by cracking into a robotics system, but a robotic arm built to attach car doors is not going to be reprogrammed to pickpocket factory workers. Rather, the robot provides a means of cracking into whatever network it’s attached to. It could be a webcam or a tablet or USB drive. All the hacker cares about is that it’s an opening to load viruses, spyware, etc. Anything that’s connected to your network can be used to attack anything else that’s connected to your network.

Again, hacking is a crime of opportunity. This means that if you have decent security measures in place, then you’re going to be a low-priority target for a hacker. Hackers are not usually spending all week, or even a full hour, trying to crack into any given system. They’ll try for a few minutes, and then move on. Just having security measures in place at all makes hackers reluctant to bother with you.

Don’t Void Your Warranty…

By Cyber Security Awareness

It can be tricky to know what will and what won’t void the warranty on your phone, your PC, your tablet or your laptop. You probably have a manual laying around somewhere that can lay this out in more detail, but feel free to rely on this as a quick FAQ on some of the more common questions on what will and won’t void a warranty on an electronic device:

DIY Repairs

Some do-it-yourself repairs will void your warranty, some won’t. As a general rule, repairing cosmetic damage almost never voids your warranty. If you have to replace the screen on your phone, for instance, then your warranty will remain valid as long as you let them know that you’ve replaced your own screen. Replacing the entire shell casing, on the other hand, might be a bit of an issue, but luckily, your warranty probably means that you can go have your casing replaced for free.

Rooting Your Phone

If you take a ROOTed phone in for repairs, they’re going to tell you to hit the bricks. Here’s the good news: you can just unROOT your phone. There’s an app called Universal Unroot that can do the job for you quick and easy.

This applies to a lot of mods and hacks for your phone or tablet: they’re reversible. You may be able to bring your phone in for repairs by simply restoring it to factory conditions and collecting on your warranty.

Customizing a Desktop or Laptop Computer

Even though they’re built as all-in-one units, if you have a Mac, you’re probably going to wind up adding more RAM to it. It varies from brand to brand, model to model, but most sellers and manufacturers will honor the warranty even if you’ve added some bells and whistles to its hardware within certain limitations.

Cosmetic Modding

A general rule of thumb for cosmetic modding of a phone or a PC is: If you need more than a screwdriver to crack the casing open, then you’re probably voiding your warranty. They sell stickers and decals specifically for cosmetic modding of your devices, and you can go ahead and put your PC in a custom case, but once you’re peeling open the parts that weren’t meant to be exposed, you’re doing potential damage that will definitely void your warranty.

We’ve provided some general guidelines here, but some companies are more or less strict than others. When in doubt, shoot them a quick email and see what’s covered.

The Need for Cyber Privacy Liability

By Cyber Security Awareness

BB_1208-02In today’s high-tech world, individuals can carry thousands of client files on flash drives in their pockets or purses. People are conducting business on the go and sensitive information is accessible at the click of a button. Managers are using their laptops or tablets through “hot spots” at local coffee shops to access customer databases. Healthcare professionals shopping at supermarkets can get patient files on their smartphones. If you think of information security breaches primarily in terms of malicious hackers cracking the networks of big corporations from thousands of miles away, think again.

The hacking of such corporate giants as Global Payments, Epsilon, and Sony prove that size and sophistication can’t stop data thieves. However any company that stores customer information in electronic format is vulnerable to cyber privacy liability exposures than can cost megabucks – or even put a firm out of business – which means they need insurance against these risks.

Cyber Liability coverage can protect your business against breaches of privacy from unauthorized access, physical taking, or the mysterious disappearance of confidential information that leads to third-party losses resulting from identity theft. Depending on your needs, the policy can also provide a variety of coverages, such as Business Interruption, Cyber Extortion, and Systems and Data Recovery. Other options can cover the cost of contacting those affected by the data breach, computer forensics to analyze the breach, fines and penalties, potential HIPAA (client medical records) exposures, and online activities on your company site. The development and expansion of Cyber Liability coverage during the past two decades has paralleled the explosive growth of computer technology: Today’s policies are increasingly comprehensive – and inexpensive.

Security Tips Provided by a Professional Hacker

By Cyber Security Awareness

cyber-1702-2“Cybersecurity is definitely no longer a server room issue,” says David Finn, Executive Director at the Microsoft Cybercrime Center. “It’s a boardroom issue.” He notes that on average, it takes 243 days before an organization even knows that it was penetrated by a cybercriminal.

Today, when one in five businesses are the target of a security breach, bad things are inevitably going to happen. That’s why looking at your organization from “the bad guy’s perspective,” says Tiffany Rad, is crucial. Rad is rated one of Bloomberg’s top “white hat” hackers (computer specialists who break into protected networks to test security and advise organizations on improvements).

One of the most difficult things in Rad’s industry is protecting against insider threats. But she notes there are products entering the market that have “an algorithm to check for abnormal patterns, when it looks like someone’s going to sites perhaps that they shouldn’t be during working hours or they’re on different hours than normal.”

In terms of external threats, there’s a lot of attention on protecting businesses as they move to the cloud. Ken Biery Jr., Verizon’s Managing Principal of Governance, Risk and Compliance, explains that it’s important to provide physical and logical security. Rad agrees, noting that in addition to firewalls and antivirus software, protection against malware is critical as more and more hackers look to steal intellectual property to give themselves or your organization’s competitors a heads-up on what your organization is planning.

You’re “only as safe and secure as your weakest link,” says Finn, admitting that when you rely on the cloud, “you trust that an organization is going to invest enormously in your security.”

But, as Biery sees it, “the good thing about a lot of the cloud providers that are out there is their default security, and the security they built into their environments are often better—especially for small and medium businesses—better than what they could do themselves.”

Biery also points out that companies need to stay in control with the advent of BYOD (Bring Your Own Device). With mobile device management, “you can take and keep your sensitive information in an encrypted container on that employee’s phone. So it kind of exists as its own virtual machine in that environment,” he says, explaining that you can delete access and the encrypted container without affecting personal data such as photos.

The bottom line, agree the experts, is that companies of all sizes need to amp up protection. Even if you think your business information isn’t of interest to others, Rad assures us that there will always be hackers that find your digital footprint interesting and will do something with it—if only because they can.

Good Viruses?

By Cyber Security Awareness

cyber-1511-4By definition, there’s nothing really wrong with viruses. They’re just self-replicating, that’s all. If the cash in your wallet was self-replicating, you probably wouldn’t complain. Virus researcher Fred Cohen has even put out a $1,000 bounty for the first developer who can come up with a truly helpful virus. So far, he hasn’t paid out, but theoretically, a good computer virus is possible.

“Helpful” worms, however, may prove that even a “good” virus is a bad idea.

Helpful worms like Welchia, Den_Zuko, Cheeze, Mellenium and CodeGreen were designed in the name of helping the user. Welchia’s design was actually kind of clever, finding and eliminating the Blaster worm by seeking out the same vulnerabilities as the Blaster worm, and then, usually, applying a security patch to keep any other worms from working their way in. The Welchia worm was programmed to automatically remove itself at a set date.

Here’s the problem though: The main thing that worms do is slow down your network by feeding a constant stream of data through it. Whatever else they might do, that’s the main thing people hate about worms. A helpful worm slows down the network just as much as a harmful worm will. Additionally, helpful worms are known to reboot the computer without the user’s consent, which can be a major problem if you’re right in the middle of a project that you haven’t saved recently.

Helpful viruses are an interesting idea in theory, but they still self-replicate without the user’s consent, they still eat up RAM and other resources, they still slow the network down. As technology advances we may see a day when helpful viruses are able to actually improve a computer’s performance without any adverse effects. For the time being, however, there is that old saying about where the road paved with good intentions leads to…

Customer Service Evolution in the New Age

By Cyber Security Awareness

Technology has advanced the speed and scale at which consumers can communicate about their brand interactions. As a result, businesses have had to determine how to respond to customers on a personal level in what is now a very public, digital space.

If a person had a poor customer experience at a restaurant a few years ago, they may have warned friends not to eat there or written down their complaints on a comment card. Today many people feel comfortable venting their frustrations to an exponentially larger, public audience: the entire Internet. Many companies are still struggling to identify which grievances necessitate a personal reply, which ones can be left alone, and which complaints require escalation and/or a security response.

We reached out to our Microsoft privacy experts again this week to ask how companies should approach online customer feedback, especially where privacy and security are concerned. In an interview with Microsoft for Work, Marisa Rogers, Global Sales and Marketing Privacy Manager, and Kristi Berry, Senior Privacy Manager weighed in on the issue.

Berry: This is a huge question. Things have changed a lot because of evolving industry trends and evolving attitudes towards technology and social media. In general, people are much more comfortable with these types of data collection and comfortable with this social, digital world. They are more aware and paying much more attention to what’s going on. For us that makes it more and more important to provide the right levels of controls for the customer to manage their privacy.

Rogers: There were recent news reports of a man who was boarding a Southwest flight and tweeted about his bad customer service experience with the gate agent real-time. He included the agent’s first name and the gate location where he boarded his plane. It caused him to be removed from the plane and to be interviewed by security officials before he was allowed to go on the flight. Certainly in the public space, people are increasingly using social media to comment both positively and negatively on customer service.

Now, in this particular case, [there was] heightened sensitivity because it had to do with a situation in an airport where someone was complaining about a bad experience. Companies will need to carefully consider how they respond to make sure the response is proportionate to the complaint. There are many examples of companies responding to feedback on social media that are both good and bad.

Rogers: In the first place, you have to be prepared to receive the complaints. You should have a plan of action on how you want to address questions or comments that are neutral-to-negative to your business. This may include having some standard answers ready to go and thinking about how to diffuse difficult situations through social media. Remember you can take it offline if it’s more appropriate to address the person’s specific issue.

Future Security Risks: What’s Coming!

By Cyber Security Awareness

20130611-cyber-eyeMany IT and security professionals will tell you that one of the biggest threats to sensitive data and equipment is not the fact that hackers are just so smart and determined, but that the security is always one step behind the technology.

Hardware and software developers do what they can to launch with built-in security features, but there’s no telling how to handle a threat until you know where those threats are coming from, and you can’t be certain of where those threats are coming from until you’ve already launched. Security, like your immune system, is all about adaptation. Here are some just-over-the-horizon security threats that we may need to combat in the coming years:

Bodyhacking

The FDA approved the DEKA arm, nicknamed Luke, for robot-arm transplant recipient Luke Skywalker, in May of 2014. The arm, developed by DARPA, has led to some speculation of hackers targeting prosthetic limbs. We already know that you can hack a pacemaker, so what’s to stop people from taking control of a pair of prosthetic legs?

Homehacking

Right now, an Internet-of-Things enabled automated home is a rare sight. A handful of people in Silicon Valley may enjoy curtains that open at seven o’clock on the dot and coffee machines that know just how you like it, but it’s not the norm.

Then again, a computer in every home wasn’t the norm twenty years ago, and smartphones were but a dream in 2001. It’s easy to imagine pranksters turning your refrigerator off remotely and letting your food spoil while you’re away for the weekend, or blasting your stereo at full volume while you’re trying to sleep.

Neural Implants

There has been a lot of speculation of late regarding neural implants, connecting the brain directly to the internet with the appropriate machinery. As crazy as it sounds, we’re not that far off.

The major threat with a neural-implant-connected internet might not even be a malicious hacker, but something as simple as a web-surfer suffering a stroke while connected with thousands of other users.

Self-driving Car Hacks

The self-driving car sounds like a great idea, but nobody seems to be willing to rush it into mass-production, and for good reason. The roads aren’t ready, and neither is the technology. Researchers funded by the Defense Department recently ran an experiment and found that it was incredibly easy to hack into a self-driving car and take control.

There’s a lot of new technology on the horizon, and a lot of it is on the brink of becoming as commonplace as the television and the laptop. It’s a brave new world out there, and there’s no way to ensure that your first self-driving car is unhackable, but the good news is that with every successful hack, we learn more about how to prevent it from happening again.

Secure Your Devices

By Cyber Security Awareness

0,,17180223_303,00Staying secure in the office is relatively easy. Sure, you have to be vigilant, but you have a whole team of IT pros, you have office protocol and guidelines, and network security to keep you safe and sound. Once your employees step out of the office, it’s a whole other story. Here are a few of the top security risks outside of the office, compiled from research papers and tech security blogs across the web:

Stolen Phones

This is going to disappoint you: leaks don’t always involve a saboteur in the company, and hacks don’t always involve a team of cyberpunks in black leather jackets. A huge chunk of sensitive data is leaked simply because an employee left their phone on the table when they went to the restroom at a coffee shop.

Even if your employees know better than to be so careless, public WiFi brings its own security risks. When it comes to the really sensitive stuff, it’s a good idea to enforce a company policy that will keep that data where it belongs: on secure, in-office hardware.

Out of Office Notifications

An employee gets a message and their text chat program automatically responds “Out of the office, be back later!” These notifications are great for personal computers, but announcing to the world that your work laptop is on, and unguarded, is like putting a sign up on your front door reading “On vacation, please don’t break in and steal our silverware!” Turning company computers and devices all the way off when not in use will prevent would-be hackers from breaking into unmonitored equipment.

The Disgruntled Former Employee

Once an employee is not only out of the office, but out of the company and off the payroll, what do they have to lose by sharing sensitive information? Well, quite a lot if you make sure that all employees sign a non-disclosure agreement before they begin working for you.

If you keep your turnover rate low by hiring only the best candidates, and if you make an effort to part on good terms when ending a relationship with an employee, you’ll have a bit less to worry about, but the non-disclosure agreement at least gives you some recourse should a former employee go out of their way to make your life a little harder than it needs to be.

By all means, keep your data safe and secure. Hire the top IT people to handle encryption and manage your data center. Just bear in mind that hackers tend to be kind of low-tech and opportunistic, just as quick to snatch a laptop off a coffee table as they are to spend weeks cracking your email password.

How Did Computer Virus’s Begin?

By Cyber Security Awareness

cyber-1511-2The computer virus seems to have spawned into existence in the 1990’s when users started hopping online with AOL. In truth, the history of the computer virus dates back about forty years. The modern virus, which spreads over the internet and across networks, really took off in the 80’s and 90’s, but developers and programmers have been experimenting with viruses in closed environments since the early 1970’s.

The very first virus was the Creeper. The Creeper wasn’t as harmful as today’s viruses, it just displayed a message reading “I’m the creeper, catch me if you can!” The virus was detected on the ARPANET, a sort of proto-Internet. Creeper was written as an experiment by Bob Thomas of BBN Technologies back in 1971. Thomas just wanted to see what would happen with a self-replicating program, infecting the TENEX operating system.

This brings us to the first software security program, the Reaper, designed specifically to kill the Creeper.

Another major forerunner of the modern virus was 1982’s Elk Cloner, the first virus to be released outside of a closed environment. The virus was written in 1981 by Richard Skrenta, attaching to the Apple DOS 3.3 OS via floppy disk. Skrenta wrote this virus while still in high school. It displayed a short poem that began with “Elk Cloner: The program with a personality.”

Neither of these proto-viruses were truly harmful, but they helped to show programmers, white hat and black hat alike, how vulnerable computer systems could be. No doubt, Skrenta and Thomas inspired coders of both viruses and antiviral software.

The modern virus really took off in the 1990’s with America Online and the worldwide web. Here, self-replicating viruses had global access for the first time, and best of all, the average computer user was no longer as computer-savvy as they had been in the 1970’s and 1980’s. It was the perfect breeding ground for viruses.

Today, there are a few hundred specific strains of viruses and malware, with millions of variations. Viruses have come a long way since the Creeper, and so have the counter-measures.